

Advisories, May 14, 2006

May 15, 2006, 04:45

Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated tetex packages fix security issues
Advisory ID: FLSA:152868
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0888 CVE-2004-1125 CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628



1. Topic:

Updated tetex packages that fix several security issues are now available.

TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues.

Several flaws were discovered in the teTeX PDF parsing library. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 and CVE-2005-3628 to these issues.

Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152868

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/tetex-1.0.7-47.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-afm-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-doc-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-dvilj-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-dvips-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-fonts-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-latex-1.0.7-47.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tetex-xdvi-1.0.7-47.5.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/tetex-1.0.7-66.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-afm-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-doc-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-dvips-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-fonts-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-latex-1.0.7-66.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/tetex-xdvi-1.0.7-66.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/tetex-2.0.2-8.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-afm-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-doc-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-dvips-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-fonts-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-latex-2.0.2-8.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/tetex-xdvi-2.0.2-8.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/tetex-2.0.2-14FC2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-afm-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-doc-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-dvips-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-fonts-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-latex-2.0.2-14FC2.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/tetex-xdvi-2.0.2-14FC2.3.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
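
The two checks above can be scripted for a whole download directory. The following is an added example, not Fedora Legacy tooling: it reads a manifest of lines of the form `<sha1> <repo-relative path>` (the layout these advisories use for their SHA1 listings) and compares each entry with the file of the same base name in a local directory. The function name `check_manifest` and the manifest file are assumptions.

```shell
#!/bin/sh
# Added example (not Fedora Legacy's own tooling).
#
# check_manifest MANIFEST DIR
#   MANIFEST  text file with lines "<sha1> <repo-relative path>"; any other
#             line (headings, blanks) is ignored
#   DIR       directory holding the downloaded RPMs
#
# Prints "OK name", "MISMATCH name" or "MISSING name" per manifest entry.
# Returns 0 only if at least one file was checked and none mismatched.
# Listed-but-absent packages are reported, not fatal, because rpm -F only
# upgrades packages that are already installed.
check_manifest() {
    manifest=$1
    dir=$2
    checked=0
    bad=0
    while read -r want path rest || [ -n "$want" ]; do
        # Accept only a 40-hex-digit first field followed by a path.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 40 ] || continue
        [ -n "$path" ] || continue

        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        name=${path##*/}          # manifest paths are repo-relative
        file=$dir/$name

        if [ ! -f "$file" ]; then
            echo "MISSING $name"
            continue
        fi

        got=$(sha1sum -- "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"

    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Typical use, followed by the signature check the advisory gives:
#   check_manifest advisory.txt . && rpm --checksig -v ./*.rpm
```
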

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated emacs packages fix a security issue
Advisory ID: FLSA:152898
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0100



1. Topic:

Updated Emacs packages that fix a string format issue are now available.

Emacs is a powerful, customizable, self-documenting, modeless text editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152898

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/emacs-21.2-3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-21.2-3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-el-21.2-3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/emacs-leim-21.2-3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/emacs-21.2-34.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-21.2-34.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-el-21.2-34.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/emacs-leim-21.2-34.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/emacs-21.3-9.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-21.3-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-el-21.3-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/emacs-leim-21.3-9.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0100

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated ncpfs package fixes security issues
Advisory ID: FLSA:152904
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-1079 CVE-2005-0013 CVE-2005-0014



1. Topic:

An updated ncpfs package is now available.

Ncpfs is a file system that understands the Novell NetWare(TM) NCP protocol.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

Buffer overflows were found in the nwclient program. An attacker, using a long -T option, could possibly execute arbitrary code and gain privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-1079 to this issue.

A bug was found in the way ncpfs handled file permissions. ncpfs did not sufficiently check if the file owner matched the user attempting to access the file, potentially violating the file permissions. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0013 to this issue.

A buffer overflow was found in the ncplogin program. A remote malicious NetWare server could execute arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0014 to this issue.

All users of ncpfs are advised to upgrade to this updated package, which contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152904

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ncpfs-2.2.0.18-6.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ncpfs-2.2.0.18-6.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ipxutils-2.2.0.18-6.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ncpfs-2.2.1-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/ncpfs-2.2.1-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ipxutils-2.2.1-1.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ncpfs-2.2.3-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/ncpfs-2.2.3-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ipxutils-2.2.3-1.1.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ncpfs-2.2.4-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/ncpfs-2.2.4-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/ipxutils-2.2.4-1.1.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/ncpfs-2.2.4-5.FC3.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/ncpfs-2.2.4-5.FC3.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/ipxutils-2.2.4-5.FC3.1.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/ncpfs-2.2.4-5.FC3.1.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/ipxutils-2.2.4-5.FC3.1.legacy.x86_64.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0014

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated xloadimage package fixes security issues
Advisory ID: FLSA:152923
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0638 CVE-2005-3178



1. Topic:

A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in file names is now available.

The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM, and XBM).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A flaw was discovered in xloadimage where filenames were not properly quoted when calling the gunzip command. An attacker could create a file with a carefully crafted filename so that it would execute arbitrary commands if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0638 to this issue.

A flaw was discovered in xloadimage via which an attacker can construct a NIFF image with a very long embedded image title. This image can cause a buffer overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-3178 to this issue.

All users of xloadimage should upgrade to this erratum package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152923

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/xloadimage-4.1-21.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/xloadimage-4.1-21.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/xloadimage-4.1-27.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/xloadimage-4.1-27.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/xloadimage-4.1-29.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/xloadimage-4.1-29.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xloadimage-4.1-34.FC2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/xloadimage-4.1-34.FC2.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated fetchmail packages fix security issues
Advisory ID: FLSA:164512
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2003-0792 CVE-2005-2335 CVE-2005-3088 CVE-2005-4348



1. Topic:

Updated fetchmail packages that fix security flaws are now available.

Fetchmail is a remote mail retrieval and forwarding utility.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was found in the way fetchmail allocates memory for long lines. A remote attacker could cause a denial of service by sending a specially crafted email. The Common Vulnerabilities and Exposures project has assigned the name CVE-2003-0792 to this issue.

A buffer overflow was discovered in fetchmail's POP3 client. A malicious server could send a carefully crafted message UID and cause fetchmail to crash or potentially execute arbitrary code as the user running fetchmail. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2335 to this issue.

A bug was found in the way the fetchmailconf utility program writes configuration files. The default behavior of fetchmailconf is to write a configuration file which may be world readable for a short period of time. This configuration file could provide passwords to a local malicious attacker within the short window before fetchmailconf sets secure permissions. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3088 to this issue.

A bug was found when fetchmail is running in multidrop mode. A malicious mail server can cause a denial of service by sending a message without headers. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-4348 to this issue.

Users of fetchmail should update to this erratum package which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164512

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/fetchmail-5.9.0-21.7.3.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/fetchmail-5.9.0-21.7.3.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/fetchmailconf-5.9.0-21.7.3.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/fetchmail-6.2.0-3.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/fetchmail-6.2.0-3.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/fetchmail-6.2.0-8.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/fetchmail-6.2.0-8.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/fetchmail-6.2.5-2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/fetchmail-6.2.5-2.2.legacy.i386.rpm

7. Verification:


These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated gnupg package fixes security issues
Advisory ID: FLSA:185355
Issue date: 2006-05-12
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2006-0049 CVE-2006-0455



1. Topic:

An updated GnuPG package that fixes signature verification flaws is now available.

GnuPG is a utility for encrypting data and creating digital signatures.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically signed data with detached signatures. It is possible for an attacker to construct a cryptographically signed message which could appear to come from a third party. When a victim processes a GnuPG message with a malformed detached signature, GnuPG ignores the malformed signature, processes and outputs the signed data, and exits with status 0, just as it would if the signature had been valid. In this case, GnuPG's exit status would not indicate that no signature verification had taken place. This issue would primarily be of concern when processing GnuPG results via an automated script. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0455 to this issue.

Tavis Ormandy also discovered a bug in the way GnuPG verifies cryptographically signed data with inline signatures. It is possible for an attacker to inject unsigned data into a signed message in such a way that when a victim processes the message to recover the data, the unsigned data is output along with the signed data, gaining the appearance of having been signed. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0049 to this issue.

Please note that neither of these issues affects the way RPM or up2date verifies RPM package files, nor is RPM vulnerable to either of these issues.

All users of GnuPG are advised to upgrade to this updated package, which contains backported patches to correct these issues.
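For the automated-script concern described under CVE-2006-0455, a script can require positive proof of verification instead of trusting the exit status alone. The following is an added example, not code from the advisory or from GnuPG; the fingerprint, key ID, signer name and status streams are constructed, and the function names are hypothetical.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords GnuPG writes to --status-fd when a signature is not acceptable.
FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}

# Constructed placeholder: fingerprint of the one signing key the script trusts.
TRUSTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed status streams for the cases a script has to tell apart.
GOOD_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + TRUSTED_FPR + " 2006-05-12 1147392000 0 3 0 17 2 00 "
    + TRUSTED_FPR + "\n"
)
BAD_STATUS = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
OTHER_KEY_STATUS = GOOD_STATUS.replace(TRUSTED_FPR, "F" * 40)
NO_SIG_STATUS = ""  # models a run that exits 0 without checking any signature


def signature_accepted(status_text, trusted_fpr):
    """True only if exactly one VALIDSIG from trusted_fpr and no failure keyword.

    The absence of an error is never treated as success.
    """
    valid = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in FAILURE_KEYWORDS:
            return False
        if fields[0] == "VALIDSIG" and len(fields) > 1:
            # Field 1 is the fingerprint of the key that made the signature.
            valid.append(fields[1].upper())
    return valid == [trusted_fpr.upper()]


def verify_detached(sig_path, data_path, trusted_fpr):
    """Run gpg; require exit status 0 AND an accepted status stream."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.returncode == 0 and signature_accepted(proc.stdout, trusted_fpr)
```
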

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185355

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gnupg-1.0.7-13.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnupg-1.0.7-13.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnupg-1.2.1-9.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gnupg-1.2.1-9.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/gnupg-1.2.3-2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/gnupg-1.2.3-2.2.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/gnupg-1.2.4-2.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/gnupg-1.2.4-2.3.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/gnupg-1.2.7-1.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/gnupg-1.2.7-1.2.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/gnupg-1.2.7-1.2.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0026

Package names: kernel
Summary: Multiple vulnerabilities
Date: 2006-05-12
Affected versions: Trustix Secure Linux 3.0


Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Problem description:
kernel < TSL 3.0 >

  • New Upstream.
  • SECURITY Fix: An error in the Stream Control Transmission Protocol (SCTP) code that uses incorrect state table entries when certain ECNE chunks are received in CLOSED state could be exploited by attackers to cause a kernel panic via a specially crafted packet.
  • An error exists when handling incoming IP-fragmented SCTP control chunks, which could be exploited by attackers to cause a kernel panic via a specially crafted packet.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
  • A vulnerability has been identified due to an input validation error when processing arguments containing backslash ("\") characters passed to certain commands (e.g. "cd"), which could be exploited by authenticated attackers to escape chroot restrictions for a CIFS or SMBFS mounted filesystem.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-2271, CVE-2006-2272, CVE-2006-2274, CVE-2006-2275 and CVE-2006-1864 to these issues.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification: